Add support to set high and low thresholds for pools for
v4 and v6. A message will be emitted when the usage of
the pool first exceeds the high threshold. More messages
will be skipped until the usage has gone below the low
threshold and then back above the high threshold.
Squashed commit of the following:
commit 9b0ea01f2afd1fb7ec1409166183a92731314ca7
Author: Shawn Routhier <sar@isc.org>
Date: Tue Oct 22 12:02:41 2013 -0700
-n [rt34924]
Modify the on_commit code to use a reasonable scope as the reply->lease
value may not be set, we should use the tmp->scope as we go through
the iasubopts.
[rt27912]
Add code to suppor on {commit expiry release} statements for DHCPv6.
There are several pieces to this change
1) Add space in the iasubopt structure to hold the statement pointers
2) Update the execute code to fill in the structures as necessary
3) Execute the statements when appropriate
Many of the changes in the non-v6 code are to pass the v6 structures
around to the execute code.
Modify the renew_lease6() code to properly handle a lease time
that is reduced rather than extended.
Fix the ATF tests for mdb6 and add a new test to check the
above condition.
into a hardware address handle unexpected client ids properly.
Thanks to Markus Hietava of Codenomicon CROSS project for the
finding this issue and CERT-FI for vulnerability coordination.
[ISC-Bugs #29852]
CVE: CVE-2012-3570
provides a preference and the server doesn't have any addresses or
prefixes available. Previoulsy the server ignored the request with
this patch it replies with a NoAddrsAvail or NoPrefixAvai respone.
By default the code performs according to the errata of August 2010
for RFC 3315 section 17.2.2, to enable the previous style see the
seciton on RFC3315_PRE_ERRATA_2010_08 in includes/site.h. This option
may be removed in the future.
Thanks to Jiri Popelka at Red Hat for the patch.
[ISC-Bugs #22676]
When processing an IA that we've seen check to see if the
addresses are usable (not in use by somebody else) before
handing it out.
When reading in leases from the file discard expired addresses.
When picking an address for a client include the IA ID in
addition to the client ID to generally pick different addresses
for different IAs.
[ISC-Bugs #23138] [ISC-Bugs #27945] [ISC-Bugs #25586]
[ISC-Bugs #27684]
[ISC-Bugs #23470] - Modify when an ignore return macro is defined to
handle unsed error return warnings for more versions of gcc.
[ISC-Bugs #23196] - Modify the reply handling in the server code to
send to a specified port rather than to the source port for the incoming
message. Sending to the source port was test code that should have
been removed. The previous functionality may be restored by defining
REPLY_TO_SOURCE_PORT in the includes/site.h file. We suggest you don't
enable this except for testing purposes.
[ISC-Bugs #22695] - Close a file descriptor in an error path.
[ISC-Bugs #19368] - Tidy up variable types in validate_port.
previously allocated (active) lease to a client that has changed subnets,
despite being on different shared networks. Dynamic prefixes specifically
allocated in shared networks also now are not offered if the client has
moved. [ISC-Bugs #21152]
fixed-address6 (DHCPv6) is in use or not. Host scoped configuration takes
precedence. This fixes two bugs, one where host scoped configuration
would not be included from a non-fixed-address6 host record, and the equal
and opposite bug where subnet6 scoped configuration would not be used when
over-riding vlaues were not present in a matching fixed-address6 host
configuration. [ISC-Bugs #20069]
not be applied to clients addressed within that network was repaired.
- When configuring a "subnet {}" or "subnet6 {}" without an explicit
shared-network enclosing it, the DHCP software would synthesize a
shared-network to contain the subnet. However, all configuration
parameters within the subnet more intuitively belong "to any client
on that interface", or rather the synthesized shared-network. So,
when a shared-network is synthesized, it is used to contain the
configuration present inside the subnet {} clause. This means that
the configuration will be valid for all clients on that network, not
just those addressed out of the stated subnet. If you intended the
opposite, the workaround is to explicitly configure an empty
shared-network.
- A bug was fixed where Information-Request processing was not sourcing
configured option values.
- A warning was added since the DHCPv6 processing software does not yet
support class statements.
[ISC-Bugs #17638b]
